2/13/2014. What is Tamper Resistance? IBM s Attacker Categories. Protection Levels. Classification Of Physical Attacks.
|
|
- Morgan Wilson
- 6 years ago
- Views:
Transcription
1 What is Tamper Resistance? Physical and Tamper Resistance Mohammad Tehranipoor Updated/Modified by Siavash Bayat Sarmadi Resistance to tampering the device by either normal users or systems or others with physical access to it It ranges from simple features like screws with special heads to complex devices which can zeroize the content in it or encrypt the information 13 February February IBM s Attacker Categories Protection Levels Class I (clever outsiders) Clever but have insufficient knowledge of the system and equipment Class II (knowledgeable insiders) Generally have access sophisticated equipment and tools Class III (funded organizations) They are funded by big organizations and have access all kind of resources LEVEL ZERO No special security features. All of the parts of the device are free to access. LEVEL LOW Some security features are used. It can be broken less than $500 of equipment. LEVEL MODL Secure against most of the low cost attacks. Attackers need to have more expensive tools and special knowledge. 13 February February Protection Levels Classification Of Physical Level MOD Special tools and equipment are required as well as special skills and knowledge. Equipment cost my range from $5000 to $50000 Level MODH Special design is considered for secure device. Equipment cost to attack ranges from $50000 to $200,000 Level HIGH It is resilient against all known attacks. Micropr obing Invasive Revers e Engine ering Non- Invasive Sidechannel Brute Force Fault Injection Physical Data Reminance UV Optical Fault Injection Semiinvasive Advanced imaging Techniques Optical Sidechannel 13 February February
2 Non-Invasive Non-Invasive Do not require decapsulation of the device, so it is non-destructive Do not require any initial preparation of the device under test. They can be done by tapping on a wire or plugging the device in the test chip. Easley reproducible, so that they are not expensive However, it can take a lot of time to find an attack on an any particular device. Passive Side-Channel Power Analysis Timing Electromagnetic Emission Active Brute Force Glitch Under-voltage and overvoltage attacks Current Analysis e.t 13 February February Invasive Penetrative attacks: expensive to perform require expensive equipment, knowledgeable attackers and time almost unlimited capabilities to extract information from chips and understand their functionality leave tamper evidence of the attack or even destroy the device getting more demanding as the device complexity increases and the size shrinks Tools Invasive IC soldering/desoldering station simple chemical lab and high-resolution optical microscope wire bonding machine, laser cutting system, microprobing station oscilloscope, logic analyser, signal generator scanning electron microscope and focused ion beam workstation 13 February February Semi-Invasive Semi-Invasive Relatively new type of attack, it fills the gap between non-invasive and invasive attacks Similar to the invasive attacks, they requires depackaging of the device But, the attacker do not need to have expensive tools such as FIB. Actually, these attacks are not entirely new since UV light is used to disable security fuses in EPROM for many years UV Light Used to disable security fuses in EPROM and one-time programmable (OTP) microcontrollers Advanced Imaging Techniques IR Light is used to observe the chip from rear side Laser scanning techniques are used for hardware security analysis Optical Fault Injection It is used to induce transient fault in a transistor by illuminating it with laser Optical Side- Channel Analysis Observation of photon emission from the transistor 13 February February
3 Invasive Sample Preparation Sample Preparation Decapsulation Deprocessing Reverse Engineering Optical imaging for layout reconstruction Memory extraction Microprobing Laser cutter FIB workstation Chip Modification It starts with partial or full decapsulation of the chip to expose the chip die Decapsulation is the process of the removal of the chip package It can be done easily by anyone who has high school chemistry knowledge Only need to do some practice on a dozen of chip 13 February February Manual Decapsulation Milling a hole on the Chip Package In this way the acid will affect the only desired area on the chip surface Exposing the chip package to acid Fuming Nitric Acid or mixture of Fuming Nitric Acid and concentrated Sulphuric Acid can be used The acid is applied with a pipette to the hole in the chip, it should be preheated to C Cleaning the chip from the reaction products After second, the chip is sprayed with dry acetone several times Also, ultrasonic bath can be used to clean the chip die surface 13 February Decapsulation can be done from the rear side of the chip Access to the chip die can be established without using any chemical It requires to mill down to the copper plate which can be then removed mechanically
4 Automated Decapsulation For the large quantities, automated decapsulation systems can be used. Very little skill and experience is required to operate it Such systems cost over $15,000 and so that generally relatively large labs buy them Also, they consume ten times more acid than the manual decapsulation, so the disposal of the wastes should be done in proper way Nippon Scientific, PA February The same partial decapsulation can be applied to smart card Not all of them may maintain their electrical integrity Generally, smart cards are decapsulated completely 13 February Sample Preparation Deprocessing is the opposite process of the the chip fabrication It has two main application; Removing passivation layer to expose metal layers for microprobing attack Gaining access to the deep layers to observe internal structure of the chip Three basic deprocessing method are used; Wet chemical etching Plasma etching, also known as dry etching Mechanical polishing Wet Chemical Etching; Deprocessing Each layer is removed by specific chemicals Its downside is its uniformity in all directions Each type of material needs certain etchants to be used Nitrox wet etchant is one of the most effective etching agents for silicon nitride and silicon dioxide passivation layers which selectively removes the passivation layers of integrated circuits while preserving full device functionality. 13 February February Deprocessing Deprocessing Plasma Etching uses radicals created from gas inside a special chamber. only the surfaces hit by the ions are removed Similarly, each type of material needs certain enchant Figure1 Motorola MC68HC705C9A microcontroller. The metal layer is removed exposing the polysilicon and the doping layers. Figure2 Microchip PIC16F76 microcontroller. The top metal layer is removed exposing the second metal layer. Mechanical polishing performed with the use of abrasive materials Time-consuming and requires special machines 13 February
5 Etching Agents for Wet Chemical and Plasma Etching Reverse Engineering Reverse engineering is a technique used for understanding of the structure of the device and its functioning For ASIC, it means locations of all the transistors and interconnections All the layers of the chip are removed one by one in reverse order and photographed to determine the internal structure of the chip Eventually, by processing obtained information, standard netlist can be created and used to simulate the device February Reverse Engineering: Imaging Optical Imaging: For reverse engineering the silicon chips down to 0.18 µm feature size, an optical microscope with a digital camera can be used SEM: For semiconductor chips fabricated with 0.13 µm or smaller technology, images are created using a SEM which has a resolution better than 10 nm. 13 February February 2014 Flylogic.net/blog 28 Reverse Engineering Reverse Engineering: Memory extraction Memory extraction from Mask ROMs only possible for certain type of Mask ROM memory For example; NOR Mask ROM with active layer programming used in Motorola MC68HC705P6A Microcontroller can be read by removing the top metal layer But, same Microcontroller with newer technology requires deprocessing February
6 Reverse Engineering: Memory extraction Invasive : Microprobing Microprobing eavesdropping on signals inside a chip injection of test signals and observing the reaction can be used for extraction of secret keys and memory contents laser cutter can be used to remove passivation and cut metal wires limited use for 0.35µm and smaller chips 13 February February Tools Invasive : Microprobing The most important tool is microprobing station. It consists of five elements a microscope, stage, device test socket, micromanipulators and probe tips. Invasive : Microprobing Microprobing is applied to the internal CPU data bus Difficult to observe whole data bus at a time Two to four probes are used to observe data signals which are combined as a whole data trace later. 13 February February Microprobing: Laser Cutting Microprobing: Laser Cutting It is used to remove passivation layer to observe the metal layer Laser Cutting Systems consist of laser head mounted on camera port of a microscope submicron-precision stage to move the sample Carefully dosed laser flashes remove patches of the passivation layer with micrometer precision 13 February February
7 Microprobing: FIB Workstation The devices fabricated with 0.5 µm or smaller technology needs more sophisticated tools to establish contacts with the interconnect wires FIB stations can be used to create test point, imaging and repairing Also, FIB can mill holes and cut the wires 13 February Invasive : Chip Modification Invasive : Chip Modification It is used to disable security protection circuitry By cutting one of the internal metal interconnection wires by completely destroying the circuit associated with the security protection using a laser cutter For more sophisticated attacks FIB is used connecting the wire that transmits the security state to either the ground or the supply line. Chip modification always requires at least partial reverse engineering of the chip to find the point for possible attack. 13 February February Bus Encryption Countermeasures Top-layer Sensor Meshes ASICs and custom ICs Internal Voltage and Clock Frequency Sensors Light Sensor Countermeasures: Bus Encryption The bus encryption is used to protect the sensitive information from probing. Basically, the memory content is encrypted and then sent to the CPU by data bus Before the data used in CPU, it is decrypted 13 February February
8 Countermeasure: Bus Scrambling Typical probing areas Memory bus drivers Data bus itself where lines are organized in proper CPU bus width Bus order is 99.9% of the time in order (0..7 or 7..0) Countermeasure: Bus Scrambling Data bus scrambling is used to confuse attackers Order of the data bus is changed to make it difficult to observe bus signals 13 February February Bus Scrambling Counterme.: Top-layer Sensor Meshes Additional metallization layers that form a sensor mesh above the actual circuit do not carry any critical signals All the paths in a sensor mesh are continuously monitored for interruptions and short-circuits while power is available It prevents laser cutter or selective etching access to the bus lines. Also, mesh layer hides the lower layer which makes navigation on the chip surface for probing and FIB editing more tedious. 13 February February Counterme.: Top-layer Sensor Meshes Countermeasure: ASICs and Custom ICs Types of ASIC design Glue logic design from VHDL or logic level (Netlist) Fully custom design with security requirements 13 February February
9 Countermeasures: Sensors Different kind of sensors can be used to detect attack attempt Voltage and frequency sensors for glitching attacks Light sensor can be helpful against decapsulation of the device Special purpose sensors can be created to detect probing. Ring oscillator based detector (Probing Attempt Detector) Sensors : Probing Attempt Detector Exploits the fact that probing will change the capacitance in the bus line. Place ring oscillators on the bus lines When the probe touches the one or more bus lines, frequency of the ring oscillator changes PAD observes the bus lines continuously, when they have significant difference, it sets a flag that there is a probing attempt on the one of the lines 13 February February Sensors : Probing Attempt Detector Semi-Invasive Sample Preparation Imaging Perform the Decapsulation Backside imaging techniques UV light attacks Active photon probing Optical Fault injection attacks 13 February February Semi-Invasive : Sample Preparation Decapsulation of the chip to prepare it for attacks. For the modern chips, backside decapsulation is used There is no need to use chemicals Semi-Invasive : Imaging Down to 0.8 µm technology, it was possible to identify all the major elements of microcontrollers ROM, EEPROM, SRAM, CPU Difficult to distinguish for newer technologies Can be observed with infrared light from rear side Backside imaging also is useful to extract the Mask ROM content 13 February February
10 Semi-Invasive : Imaging Semi-Invasive : UV They can be applied any OTP and UV EPROM microcontrollers Divided into two stages Finding the fuse by using imaging techniques resetting it to the unprotected state with a UV light 13 February February UV : Locating the Security Fuses Security fuse Controls access to the information stored in onchip memory They are physically located in the chip die They are the separate memory cells from the main memory array If they are away from the main memory or next to it, the security is not very high as the fuses can be found and disabled. Better protection can be achieved when the security fuses are located on the same memory array UV : Locating the Security Fuses Several methods can be used to locate the security fuses Reverse engineering (expensive) Partial Reverse engineering ( could save time) High voltage used for memory programming, is normally supplied from an external pin and could be traced down to all the EPROM memory cells including the fuses with optical microscope (if technology is down to 0.8 um) Newer technologies requires deprocessing to observe the internal structure of the chip 13 February February UV If fuses are close the main memory, UV light can be used to locate them After, finding the security fuses, five to ten minutes under UV light should give the proper result. Semi-Invasive : Active Photon Probing Laser radiation can ionize an IC s semiconductor regions if its photon energy exceeds the semiconductor band gap In active photon probing, a scanned photon beam interacts with an IC. Laser scanning techniques (LST) One is called optical beam induced current (OBIC) and is applied to an unbiased chip to find the active doped areas on its surface Another is, called light-induced voltage alteration (LIVA), applied to a chip under operation 13 February February
11 Reading the logic state of CMOS transistors Red low power laser beams ionize active areas Power off imaging identifies active areas Power on imaging distinguishes between closed and opened transistor channels Semi-Invasive : Optical Fault injection attacks Illumination of a target transistor causes it to conduct, thereby inducing a transient fault Such attacks Practical Do not require expensive laser equipment Any individual bit of SRAM in microcontroller can be set or reset 13 February February Fault injection attacks: Changing SRAM contents Non-volatile memory contents modification EPROM, EEPROM and Flash memory cells are even more sensitive to fault injection attacks. They can be changed by light This attacks can be used to disable security fuses The light should be focused down to the security fuse These attacks do not work on modern chips built in smaller sizes 13 February February References Semi-invasive attacks A new approach to hardware security analysis, Sergei P. Skorobogatov Physical and Tamper Resistance Sergei Skorobogatov Hardware Engines for Bus Encryption: a Survey of Existing Techniques R. Elbaz, L. Torres, G. Sassatelli, P. Guillemin, C. Anguille and C. Buatois, J. B. Rigaud References Smart Card Handbook, by Wolgang Ranki, Wolfgang Effing Detection of Probing Attempts in Secure ICs, Salvador Manich, Markus S. Wamser and Georg Sigl Wet and Dry Etching Avinash P. Nayak Logeeswaran VJ and M. Saif Islam Security Failures in Secure Devices, Christopher Tarnovsky Black Hat, DC 13 February February
Information Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 8: Hardware security (2/2), Leakage/tamper resilience (1/2) Lecturer: Eran Tromer 1 Hardware security Invasive attacks (continued)
More informationHow microprobing can attack encrypted memory
How microprobing can attack encrypted memory Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Hardware Security research since 1995 testing microcontrollers and smartcards
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2013-2014 Lecture 5: Hardware security and invasive attacks Eran Tromer Slides credit: Sergei Skorobogatov (University of Cambridge) 1 Talk Outline
More informationChapter 7 Physical Attacks and Tamper Resistance
Chapter 7 Physical Attacks and Tamper Resistance Sergei Skorobogatov Many semiconductor chips used in a wide range of applications require protection against physical attacks or tamper resistance. These
More informationTamper Resistance - a Cautionary Note Ross Anderson Markus Kuhn
Tamper Resistance - a Cautionary Note Ross Anderson University of Cambridge Computer Laboratory Markus Kuhn University of Erlangen/ Purdue University Applications of Tamper Resistant Modules Security of
More informationOptical Fault Masking Attacks. Sergei Skorobogatov
Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Memory modification attacks were actively used in mid 90s to circumvent the security in microcontrollers In old chips
More informationIBG Protection for Anti-Fuse OTP Memory Security Breaches
IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview Anti-Fuse Memory IP is considered by some to be the gold standard for secure memory. Once programmed, reverse engineering methods will
More informationOptical Fault Masking Attacks
Optical Fault Masking Attacks Sergei Skorobogatov Computer Laboratory University of Cambridge Cambridge, United Kingdom e-mail: sps32@cam.ac.uk Abstract This paper introduces some new types of optical
More informationTamper resistance and hardware security. Dr Sergei Skorobogatov
Tamper resistance and hardware security Dr Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Talk Outline Introduction Attack awareness Tamper protection levels Attack methods Non-invasive
More informationTamper resistance and hardware security. Dr Sergei Skorobogatov
Tamper resistance and hardware security Dr Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Talk Outline Introduction Attack awareness Tamper protection levels Attack methods Non-invasive
More informationHow Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches
How Safe is Anti-Fuse Memory? IBG Protection for Anti-Fuse OTP Memory Security Breaches Overview A global problem that impacts the lives of millions daily is digital life security breaches. One of the
More informationCSCI 4974 / 6974 Hardware Reverse Engineering. Lecture 14: Invasive attacks
CSCI 4974 / 6974 Hardware Reverse Engineering Lecture 14: Invasive attacks Attack types Semi-invasive Device is depackaged, but die isn't damaged Invasive Any attack involving physical damage to die Semi-invasive
More informationFlash Memory Bumping Attacks
Flash Memory Bumping Attacks Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Data protection with integrity check verifying memory integrity without compromising
More informationLecture Notes 20 : Smartcards, side channel attacks
6.857 Computer and Network Security November 14, 2002 Lecture Notes 20 : Smartcards, side channel attacks Lecturer: Ron Rivest Scribe: Giffin/Greenstadt/Plitwack/Tibbetts [These notes come from Fall 2001.
More informationNon-destructive, High-resolution Fault Imaging for Package Failure Analysis. with 3D X-ray Microscopy. Application Note
Non-destructive, High-resolution Fault Imaging for Package Failure Analysis with 3D X-ray Microscopy Application Note Non-destructive, High-resolution Fault Imaging for Package Failure Analysis with 3D
More informationHardware Security: Present challenges and Future directions
Hardware Security: Present challenges and Future directions Dr Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Dept of Computer Science and Technology Outline Introduction History
More informationSecure Smartcard Design against Laser Fault Injection. FDTC 2007, September 10 th Odile DEROUET
Secure Smartcard Design against Laser Fault Injection FDTC 2007, September 10 th Odile DEROUET Agenda Fault Attacks on Smartcard Laser Fault Injection Our experiment Background on secure hardware design
More informationOutline. Trusted Design in FPGAs. FPGA Architectures CLB CLB. CLB Wiring
Outline Trusted Design in FPGAs Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Intro to FPGA Architecture FPGA Overview Manufacturing Flow FPGA Security
More informationAttacking Serial Flash Chip: Case Study of a Black Box
Attacking Serial Flash Chip: Case Study of a Black Box Emma Benoit, Guillaume Heilles, and Philippe Teuwen {ebenoit,gheilles,pteuwen}@quarkslab.com Quarkslab 1 Context The original context that lead to
More informationReverse Engineering Techniques in CMOS Based Non-Volatile Memory (NVM)
Reverse Engineering Techniques in CMOS Based Non-Volatile Memory (NVM) EMBEDDED SRAM & NVM LOGIC LIBRARIES EMBEDDED T&R MEMORY DEVELOPMENT SW INTERFACE IP Agenda Applications Requiring Standard CMOS NVM
More informationJoint Interpretation Library
Joint Interpretation Library Annex A: Examples for Version 1.1 July 2003 JIL Table of Contents 1 Examples of... 4 1.1 Physical modification... 4 1.2 Reverse engineering (observation)... 6 1.3 Cryptanalysis
More informationElectromagnetic Compatibility ( EMC )
Electromagnetic Compatibility ( EMC ) ESD Strategies in IC and System Design 8-1 Agenda ESD Design in IC Level ( ) Design Guide Lines CMOS Design Process Level Method Circuit Level Method Whole Chip Design
More informationEmbedded System Security. Professor Patrick McDaniel Charles Sestito Fall 2015
Embedded System Security Professor Patrick McDaniel Charles Sestito Fall 2015 Embedded System Microprocessor used as a component in a device and is designed for a specific control function within a device
More informationWith Respect to Techniques
Physical Security Testing Workshop, Hawaii, 26-29 September 2005 Studying LSI Tamper Resistance With Respect to Techniques Developed for Failure Analysis Tsutomu Matsumoto Shigeru Nakajima Yokohama National
More informationTechnical Report. Semi-invasive attacks A new approach to hardware security analysis. Sergei P. Skorobogatov. Number 630.
Technical Report UCAM-CL-TR-630 ISSN 1476-2986 Number 630 Computer Laboratory Semi-invasive attacks A new approach to hardware security analysis Sergei P. Skorobogatov April 2005 15 JJ Thomson Avenue Cambridge
More informationSecurity Failures In Secure Devices Black Hat DC February 21, 2008
Security Failures In Secure Devices Black Hat DC February 21, 2008 Christopher Tarnovsky Flylogic Engineering, LLC. chris@flylogic.net www.flylogic.net Who am I? Last 10 years with NDS Anti-piracy effort
More informationMemory address scrambling revealed using fault attacks
Memory address scrambling revealed using fault attacks Jacques Fournier CEA-LETI jacques.fournier@cea.fr Philippe Loubet-Moundi GEMALTO philippe.loubet-moundi@gemalto.com 1 General Context Attacks on security
More informationFocused Ion Beam (FIB) Circuit Edit
EDFAAO (2014) 3:20-23 1537-0755/$19.00 ASM International FIB Circuit Edit Focused Ion Beam (FIB) Circuit Edit Taqi Mohiuddin, Evans Analytical Group taqi@eag.com Introduction While focused ion beam (FIB)
More informationLiteracy for Integrated Circuit Reverse Engineering
Literacy for Integrated Circuit Reverse Engineering Alex Radocea 1 Now bringing pain to the adversary at worked security at a large tech company worked security at matasano learned c and unix from swedish
More informationLayout Analysis Embedded Memory
Sample Report For any additional technical needs concerning semiconductor and electronics technology, please call Sales at Chipworks. 3685 Richmond Road, Suite 500, Ottawa, ON K2H 5B7, Canada Tel: 613.829.0414
More informationSupporting Document Mandatory Technical Document. Requirements to perform Integrated Circuit Evaluations. May Version 1.
Supporting Document Mandatory Technical Document Requirements to perform Integrated Circuit Evaluations May 2013 Version 1.1 Requirements to perform Integrated Circuit Evaluations Foreword This is a supporting
More informationAnalog ASICs in industrial applications
Analog ASICs in industrial applications Customised IC solutions for sensor interface applications in industrial electronics the requirements and the possibilities Synopsis Industrial electronics creates
More informationHow multi-fault injection. of smart cards. Marc Witteman Riscure. Session ID: RR-201 Session Classification: Advanced
How multi-fault injection breaks Title the of Presentation security of smart cards Marc Witteman Riscure Session ID: RR-201 Session Classification: Advanced Imagine you could turn your BART EZ Rider fare
More informationCMPE 415 Programmable Logic Devices FPGA Technology I
Department of Computer Science and Electrical Engineering CMPE 415 Programmable Logic Devices FPGA Technology I Prof. Ryan Robucci Some slides (blue-frame) developed by Jim Plusquellic Some images credited
More informationCurve Tracing Systems
Curve Tracing Systems Models Available MultiTrace: The most flexible solution for devices up to 625 pins, capable of any of the applications described here. Comes with a PGA-625 fixture MegaTrace: A larger
More information8051 INTERFACING TO EXTERNAL MEMORY
8051 INTERFACING TO EXTERNAL MEMORY Memory Capacity The number of bits that a semiconductor memory chip can store Called chip capacity It can be in units of Kbits (kilobits), Mbits (megabits), and so on
More informationOPERATIONAL UP TO. 300 c. Microcontrollers Memories Logic
OPERATIONAL UP TO 300 c Microcontrollers Memories Logic Whether You Need an ASIC, Mixed Signal, Processor, or Peripheral, Tekmos is Your Source for High Temperature Electronics Using either a bulk silicon
More information반도체공정 - 김원정. Lattice constant (Å)
반도체물리 - 반도체공정 - 김원정 Semiconductors Lattice constant (Å) 1 PN junction Transistor 2 Integrated circuit Integrated circuit originally referred to a miniaturized electronic circuit consisting of semiconductor
More informationGrundlagen Microcontroller Memory. Günther Gridling Bettina Weiss
Grundlagen Microcontroller Memory Günther Gridling Bettina Weiss 1 Lecture Overview Memory Memory Types Address Space Allocation 2 Memory Requirements What do we want to store? program constants (e.g.
More informationControl System Implementation
Control System Implementation Hardware implementation Electronic Control systems are also: Members of the Mechatronic Systems Concurrent design (Top-down approach?) Mechanic compatibility Solve the actual
More informationChapter 5: ASICs Vs. PLDs
Chapter 5: ASICs Vs. PLDs 5.1 Introduction A general definition of the term Application Specific Integrated Circuit (ASIC) is virtually every type of chip that is designed to perform a dedicated task.
More informationAltaSens A5262-4T 4.5 Megapixel CMOS Image Sensor 0.18 µm IBM Process
AltaSens A5262-4T 4.5 Megapixel CMOS Image Sensor 0.18 µm IBM Process Imager Process Review For comments, questions, or more information about this report, or for any additional technical needs concerning
More informationDynamic Behavior of RS latches using FIB processing and probe connection
Dynamic Behavior of RS latches using FIB processing and probe connection Naoya Torii 1,2, Dai Yamamoto 1, Masahiko Takenaka 1, and Tsutomu Matsumoto 2 1 Secure Computing Laboratory, Fujitsu Laboratories
More informationElectronic Control systems are also: Members of the Mechatronic Systems. Control System Implementation. Printed Circuit Boards (PCBs) - #1
Control System Implementation Hardware implementation Electronic Control systems are also: Members of the Mechatronic Systems Concurrent design (Top-down approach?) Mechanic compatibility Solve the actual
More informationIntegrated circuits and fabrication
Integrated circuits and fabrication Motivation So far we have discussed about the various devices that are the heartbeat of core electronics. This modules aims at giving an overview of how these solid
More informationAttacking smartcards. Erik Poll. Digital Security
Attacking smartcards Erik Poll Digital Security Smartcard security Smartcards are not 100% secure ongoing arms race of attacks & countermeasures Ten year old cards may be easily broken today Crucial question:
More informationHardware Design with VHDL PLDs I ECE 443. FPGAs can be configured at least once, many are reprogrammable.
PLDs, ASICs and FPGAs FPGA definition: Digital integrated circuit that contains configurable blocks of logic and configurable interconnects between these blocks. Key points: Manufacturer does NOT determine
More informationUNIT 4 INTEGRATED CIRCUIT DESIGN METHODOLOGY E5163
UNIT 4 INTEGRATED CIRCUIT DESIGN METHODOLOGY E5163 LEARNING OUTCOMES 4.1 DESIGN METHODOLOGY By the end of this unit, student should be able to: 1. Explain the design methodology for integrated circuit.
More informationExamples for the Calculation of Attack Potential for Smartcards
Examples for the Calculation of Attack Potential for Smartcards Thomas Schröder, T-Systems GEI GmbH on behalf of the JHAS working group Introduction Basis for the examples The work is based on a collection
More information28F K (256K x 8) FLASH MEMORY
28F020 2048K (256K x 8) FLASH MEMOR SmartDie Product Specification Flash Electrical Chip Erase 2 Second Typical Chip Erase Quick-Pulse Programming Algorithm 10 ms Typical Byte Program 4 Second Chip Program
More informationFABRICATION OF CMOS INTEGRATED CIRCUITS. Dr. Mohammed M. Farag
FABRICATION OF CMOS INTEGRATED CIRCUITS Dr. Mohammed M. Farag Outline Overview of CMOS Fabrication Processes The CMOS Fabrication Process Flow Design Rules EE 432 VLSI Modeling and Design 2 CMOS Fabrication
More informationTamper resistant devices
Levente Buttyán Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics buttyan@crysys.hu 2010 Levente Buttyán Outline and objective outline introduction
More informationDesign Factors Affecting Laser Cutting Parameters Line width Wider lines more heat flow Lines affect spot size larger line: wider spot Lines much
Design Factors Affecting Laser Cutting Parameters Line width Wider lines more heat flow Lines affect spot size larger line: wider spot Lines much larger than spot size Require several positions and laser
More informationShack Clock kit. U3S Rev 2 PCB 1. Introduction
Shack Clock kit U3S Rev 2 PCB 1. Introduction Thank you for purchasing the QRP Labs Shack Clock kit. This clock uses the Ultimate3S QRSS/WSPR kit hardware, but a different firmware version. It can be used
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 5: Side channels: memory, taxonomy Lecturer: Eran Tromer 1 More architectural side channels + Example of a non-cryptographic
More informationECE321 Electronics I
ECE321 Electronics I Lecture 28: DRAM & Flash Memories Payman Zarkesh-Ha Office: ECE Bldg. 230B Office hours: Tuesday 2:00-3:00PM or by appointment E-mail: payman@ece.unm.edu Slide: 1 Review of Last Lecture
More informationFABRICATION TECHNOLOGIES
FABRICATION TECHNOLOGIES DSP Processor Design Approaches Full custom Standard cell** higher performance lower energy (power) lower per-part cost Gate array* FPGA* Programmable DSP Programmable general
More informationVLSI Design Automation. Maurizio Palesi
VLSI Design Automation 1 Outline Technology trends VLSI Design flow (an overview) 2 Outline Technology trends VLSI Design flow (an overview) 3 IC Products Processors CPU, DSP, Controllers Memory chips
More informationThis Part-A course discusses techniques that are used to reduce noise problems in the design of large scale integration (LSI) devices.
Course Introduction Purpose This Part-A course discusses techniques that are used to reduce noise problems in the design of large scale integration (LSI) devices. Objectives Understand the requirement
More informationCOMP3221: Microprocessors and. and Embedded Systems. Overview. Lecture 23: Memory Systems (I)
COMP3221: Microprocessors and Embedded Systems Lecture 23: Memory Systems (I) Overview Memory System Hierarchy RAM, ROM, EPROM, EEPROM and FLASH http://www.cse.unsw.edu.au/~cs3221 Lecturer: Hui Wu Session
More informationVLSI Test Technology and Reliability (ET4076)
VLSI Test Technology and Reliability (ET4076) Lecture 8(2) I DDQ Current Testing (Chapter 13) Said Hamdioui Computer Engineering Lab Delft University of Technology 2009-2010 1 Learning aims Describe the
More informationRobotic Systems ECE 401RB Fall 2006
The following notes are from: Robotic Systems ECE 401RB Fall 2006 Lecture 13: Processors Part 1 Chapter 12, G. McComb, and M. Predko, Robot Builder's Bonanza, Third Edition, Mc- Graw Hill, 2006. I. Introduction
More informationOrganization. 5.1 Semiconductor Main Memory. William Stallings Computer Organization and Architecture 6th Edition
William Stallings Computer Organization and Architecture 6th Edition Chapter 5 Internal Memory 5.1 Semiconductor Main Memory 5.2 Error Correction 5.3 Advanced DRAM Organization 5.1 Semiconductor Main Memory
More informationEE 308: Microcontrollers
EE 308: Microcontrollers AVR Architecture Aly El-Osery Electrical Engineering Department New Mexico Institute of Mining and Technology Socorro, New Mexico, USA January 23, 2018 Aly El-Osery (NMT) EE 308:
More informationChip Lifecycle Security Managing Trust and Complexity
Chip Lifecycle Security Managing Trust and Complexity Dr. Martin Scott July 2016 Connected Endpoints Are The New Mobile 2 50 billion connected devices by 2020 Unprecedented Data Proliferation Cloud Endpoint
More informationCharacterizing Touch Panel Sensor ESD Failure with IV-Curve TLP (System Level ESD)
Characterizing Touch Panel Sensor ESD Failure with IV-Curve TLP (System Level ESD) Wei Huang, Jerry Tichenor, David Pommerenke 2014 ESDA Exhibition Booth 606 Web: www.esdemc.com Email: info@esdemc.com
More informationPhysics 120/220 Lab Equipment, Hints & Tips
Physics 120/220 Lab Equipment, Hints & Tips Solderless Breadboard... 2 Power supply... 4 Multimeters... 5 Function generator... 5 Oscilloscope... 6 10X probe... 7 Resistor color code... 7 Components...
More informationFPGA Programming Technology
FPGA Programming Technology Static RAM: This Xilinx SRAM configuration cell is constructed from two cross-coupled inverters and uses a standard CMOS process. The configuration cell drives the gates of
More informationWilliam Stallings Computer Organization and Architecture 6th Edition. Chapter 5 Internal Memory
William Stallings Computer Organization and Architecture 6th Edition Chapter 5 Internal Memory Semiconductor Memory Types Semiconductor Memory RAM Misnamed as all semiconductor memory is random access
More informationHow Do We Make Designs Insecure?
How Do We Make Designs Insecure? Gang Qu University of Maryland, College Park gangqu@umd.edu Design Automation Summer School Austin, TX June 5, 2016 Modular Exponentiation: a e (mod n) What is modular
More informationIntroduction 1. GENERAL TRENDS. 1. The technology scale down DEEP SUBMICRON CMOS DESIGN
1 Introduction The evolution of integrated circuit (IC) fabrication techniques is a unique fact in the history of modern industry. The improvements in terms of speed, density and cost have kept constant
More informationWhat is Smart Cards? Korea Smart Card Co. Jae Gwan Park 0/83
What is Smart Cards? 2010.04.15 Korea Smart Card Co. Jae Gwan Park jg.park@koreasmartcard.com 0/83 1. What is a smart card? Exploded view of a Smart Card Architecture of a Smart Card Memory Cards Microprocessor
More informationLSN 6 Programmable Logic Devices
LSN 6 Programmable Logic Devices Department of Engineering Technology LSN 6 What Are PLDs? Functionless devices in base form Require programming to operate The logic function of the device is programmed
More informationWHAT FUTURE FOR CONTACTLESS CARD SECURITY?
WHAT FUTURE FOR CONTACTLESS CARD SECURITY? Alain Vazquez (alain.vazquez@louveciennes.sema.slb.com) 1/27 AV Contents Major contactless features : summary Contactless major constraints Major security issues
More informationWalking by the Physical Borderline: Vulnerability Analysis of HW TOEs with Security Boxes
10ICCC Tromso, Norway Spanish Certification Body Walking by the Physical Borderline: Vulnerability Analysis of HW TOEs with Security Boxes Dr. Marino Tapiador September 2009 10ICCC Tromso, Norway Spanish
More informationArithmetic/logic Unit (ALU)
3D Printer Arithmetic/logic Unit (ALU) Barcode Barcode Printer Barcode Reader Biometric Reader BIOS (Basic input/output system) Bit Bus Bus Interface Unit A printer that uses molten plastic during a series
More informationFault Injection Attacks and Countermeasures
Fault Injection Attacks and Countermeasures Brněnské bezpečnostní setkávání, FEKT VUT Brno Jakub Breier 28 March 2018 Physical Analysis and Cryptographic Engineering Nanyang Technological University Singapore
More informationS12VR Hardware Design. Guidelines. 1 Introduction. 2 Hardware Design. Guidelines. 2.1 Voltage regulator. Freescale Semiconductor
Freescale Semiconductor Document Number: AN4643 Application Note Rev 1, 10/2013 S12VR Hardware Design Guidelines by: Carlos Aceff 1 Introduction This document lists the required external components and
More informationMemory Overview. Overview - Memory Types 2/17/16. Curtis Nelson Walla Walla University
Memory Overview Curtis Nelson Walla Walla University Overview - Memory Types n n n Magnetic tape (used primarily for long term archive) Magnetic disk n Hard disk (File, Directory, Folder) n Floppy disks
More informationChapter TEN. Memory and Memory Interfacing
Chapter TEN Memory and Memory Interfacing OBJECTIVES this chapter enables the student to: Define the terms capacity, organization, and speed as used in semiconductor memories. Calculate the chip capacity
More informationCLEAN ROOM TECHNOLOGY
CLEAN ROOM TECHNOLOGY Justin Mathew Applied Electronics and Instrumentation College Of Engineering, Trivandrum April 28, 2015 Justin Mathew (CET) Clean Room Technology April 28, 2015 1 / 18 Overview 1
More informationMemory in Digital Systems
MEMORIES Memory in Digital Systems Three primary components of digital systems Datapath (does the work) Control (manager) Memory (storage) Single bit ( foround ) Clockless latches e.g., SR latch Clocked
More informationLayout Analysis I/O. Analysis from an HD Video/Audio SoC
Sample Report Analysis from an HD Video/Audio SoC For any additional technical needs concerning semiconductor and electronics technology, please call Sales at Chipworks. 3685 Richmond Road, Suite 500,
More informationLatch-Up. Parasitic Bipolar Transistors
Latch-Up LATCH-UP CIRCUIT Latch-up is caused by an SCR (Silicon Controlled Rectifier) circuit. Fabrication of CMOS integrated circuits with bulk silicon processing creates a parasitic SCR structure. The
More information11 Patent Number: 5,519,242 Avery 45) Date of Patent: May 21, 1996
United States Patent (19) I I USOO5519242A 11 Patent Number: 5,519,242 Avery 45) Date of Patent: May 21, 1996 54 ELECTROSTATIC DISCHARGE 5,357,126 10/1994 Jimenez... 257/173 PROTECTION CIRCUIT FOR A NMOS
More informationSemiconductor Memories: RAMs and ROMs
Semiconductor Memories: RAMs and ROMs Lesson Objectives: In this lesson you will be introduced to: Different memory devices like, RAM, ROM, PROM, EPROM, EEPROM, etc. Different terms like: read, write,
More informationMICRO BURN IN PRODUCTS LISTED IN MODEL NUMBER ORDER FOLLOWED BY A BRIEF DESCRIPTION
MICRO BURN IN PRODUCTS LISTED IN MODEL NUMBER ORDER FOLLOWED BY A BRIEF DESCRIPTION MODEL 102P 102R DESCRIPTION Floor Stand (Plane) Floor Stand (Modified) HTRB Burn-In System (diode) Component Burn-In
More informationMT2 Introduction Embedded Systems. MT2.1 Mechatronic systems
MT2 Introduction Embedded Systems MT2.1 Mechatronic systems Mechatronics is the synergistic integration of mechanical engineering, with electronics and intelligent computer control in the design and manufacturing
More informationAUTOFOCUS SENSORS & MICROSCOPY AUTOMATION IR LASER SCANNING CONFOCAL MICROSCOPE IRLC DEEP SEE. Now See Deeper than ever before
AUTOFOCUS SENSORS & MICROSCOPY AUTOMATION IR LASER SCANNING CONFOCAL MICROSCOPE IRLC DEEP SEE Now See Deeper than ever before Review and inspection of non visible subsurface defects Non visible and subsurface
More informationWilliam Stallings Computer Organization and Architecture 8th Edition. Chapter 5 Internal Memory
William Stallings Computer Organization and Architecture 8th Edition Chapter 5 Internal Memory Semiconductor Memory The basic element of a semiconductor memory is the memory cell. Although a variety of
More informationIntroduction to Side-Channel Analysis: Basic Concepts and Techniques
Introduction to Side-Channel Analysis: Basic Concepts and Techniques Hardware security, Spring 2018 Lejla Batina March 8, 2018 Institute for Computing and Information Sciences Radboud University 1 Outline
More information4.1 Parts and Components... IV Assembly Tips... IV Assembly Precautions... IV Required Tools, Equipment and Materials..
IV PERSONALITY MODULE ASSEMBLY 4.1 Parts and Components............ IV-1 4.2 Assembly Tips............... IV-1 4.3 Assembly Precautions............ IV-1 4.4 Required Tools, Equipment and Materials.. IV-1
More informationLecture Objectives. Introduction to Computing Chapter 0. Topics. Numbering Systems 04/09/2017
Lecture Objectives Introduction to Computing Chapter The AVR microcontroller and embedded systems using assembly and c Students should be able to: Convert between base and. Explain the difference between
More informationRESTRICTED WORLD TRADE G/IT/SPEC/8/Rev.1 23 February 1998 ORGANIZATION PROPOSED ADDITIONS TO PRODUCT COVERAGE. Submission by Australia.
RESTRICTED WORLD TRADE G/IT/SPEC/8/Rev.1 23 February 1998 ORGANIZATION (98-0664) Committee of Participants on the Expansion of Trade in Information Technology Products Original: English PROPOSED ADDITIONS
More information1. Table of contents History Tools Parts manipulation Soldering Soldering iron or station...
1. TABLE OF CONTENTS 1. Table of contents... 3 2. History... 15 3. Tools... 19 3.1. Parts manipulation... 19 4. Soldering... 23 4.1. Soldering iron or station... 23 4.2. Hot-air rework stations... 24 4.3.
More informationIntroduction to Layout design
Introduction to Layout design Note: some figures are taken from Ref. B. Razavi, Design of Analog CMOS integrated circuits, Mc Graw-Hill, 001, and MOSIS web site: http://www.mosis.org/ 1 Introduction to
More informationEE586 VLSI Design. Partha Pande School of EECS Washington State University
EE586 VLSI Design Partha Pande School of EECS Washington State University pande@eecs.wsu.edu Lecture 1 (Introduction) Why is designing digital ICs different today than it was before? Will it change in
More informationCSCI 4974 / 6974 Hardware Reverse Engineering. Lecture 12: Non-invasive attacks
CSCI 4974 / 6974 Hardware Reverse Engineering Lecture 12: Non-invasive attacks Memory technologies Quiz Attack types Non-invasive Any attack which does not damage the package Non-invasive attacks Program/debug
More informationAPPLICATION NOTES for THROUGH-HOLE LEDs
APPLICATION NOTES for THROUGH-HOLE s STORAGE CONDITIONS 1. Avoid continued exposure to the condensing moisture environment and keep the product away from rapid transitions in ambient temperature. 2. s
More informationIntegrated Circuits & Systems
Federal University of Santa Catarina Center for Technology Computer Science & Electronics Engineering Integrated Circuits & Systems INE 5442 Lecture 23-1 guntzel@inf.ufsc.br Semiconductor Memory Classification
More information